CVE-2025-30131

Published: Jun 26, 2025

Modified: Jun 26, 2025

PUBLISHED

Description

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.iroadau.com.au/downloads/

https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-30131

Description

Affected Products

References